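# SPDX-License-Identifier: BSD-3-Clause
---
# Example play: configure eth0 for 802.1X (EAP-TLS) authentication with the
# linux-system-roles.network role. The client key and certificates are
# copied to the managed host in pre_tasks, before the role runs.
- hosts: network-test
  vars:
    network_connections:
      - name: eth0
        type: ethernet
        ieee802_1x:
          identity: myhost
          eap: tls
          private_key: /etc/pki/tls/client.key
          # Example value only. A real private key password should not be
          # committed in plain text: keep it in an Ansible Vault encrypted
          # variable and reference that variable here.
          # see https://docs.ansible.com/ansible/latest/user_guide/vault.html
          private_key_password: "p@55w0rD"
          client_cert: /etc/pki/tls/client.pem
          # ca_cert and domain_suffix_match together pin which authentication
          # server is trusted; keep both set so the client does not accept an
          # arbitrary server certificate.
          ca_cert: /etc/pki/tls/cacert.pem
          domain_suffix_match: example.com

  # certs have to be deployed first
  pre_tasks:
    # The private key gets an explicit owner-only mode; without `mode` the
    # copy module leaves the permissions of a newly created file to the
    # remote umask, which is typically world-readable.
    - name: copy private key for 802.1x auth
      copy:
        src: client.key
        dest: /etc/pki/tls/client.key
        mode: "0600"

    # Certificates are public material; the mode is still stated explicitly
    # so the result does not depend on the remote umask.
    - name: copy certs for 802.1x auth
      copy:
        src: "{{ item }}"
        dest: "/etc/pki/tls/{{ item }}"
        mode: "0644"
      with_items:
        - client.pem
        - cacert.pem
  roles:
    - linux-system-roles.network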